"With 79% of organizations expecting their number of third parties to increase over the next years, how can risk management professionals better prepare to keep their organizations secure?"
We answered this question and others, including what trends are fueling this evolution and which technologies are best equipped to meet this new challenge, in a recent webinar with Gartner’s Vice President of Research, Christopher Ambrose, and Mastercard’s Vice President of Strategy and Risk, Jonathan Ehret.
You can watch the full webinar below. However, here's a quick summary of the discussion.
Landscape: Top Trends Impacting Third-Party Risk Management (TPRM)
- 79% of organizations expect the number of third parties to increase over the next three years.
- By 2027, 75% of employees will acquire, modify, or create technology outside IT’s visibility - up from 41% in 2022.
- By 2025, 60% of organizations will use cybersecurity risk as a significant determinant in conducting third-party transactions and business engagements.
- By 2025, 50% of cybersecurity leaders will have tried, unsuccessfully, to use cyber-risk quantification to drive enterprise decision making.
Challenges: Top Questions Plaguing TPRM Practitioners
- How do I make sure that procured third-party solutions are secure?
- How can I make third-party cyber risk activities more effective?
- How can I validate the security posture of all my third parties at scale?
- How do I get stakeholders to understand third-party cyber risks?
- How do I stay better protected against rising cyber threats?
- How do I ensure identified risk leads to actual controls implementation?
Next Steps: Determining TPRM Needs and Business Outcomes
Before identifying potential solution vendors, work with business stakeholders to align on key goals by determining the following:
- TPRM Business Drivers
Examples: program maturity, operational effectiveness, compliance
- TPRM Solution Scope
Examples: full lifecycle, identification, assessment, remediation/mitigation, monitoring
- TPRM Use Cases
Examples: TPRM program automation, risk intelligence and analytics, outsource TPRM program
- TPRM Risk Domains
Examples: cyber, data privacy, ESG, operational, regulatory, financial
Solution: Choosing the Right TPRM Solution
It’s important to understand that the markets for TPRM are dynamic and the capabilities provided within the markets, vendors, solutions, and services are constantly changing. However, when determining which TPRM solution is best, many businesses should evaluate how well the solution fares against the following criteria:
Data & Insights
- Data accuracy
- Data origination
- Data sharing
Actionability, Prioritization, and Efficiency
- Issue prioritization
- Vendor action plans
- Search functionality
- TPRM-specific forethought
- Ease of navigation
- Flexible pricing